From 6cf3fc00aa11ae2429bc61effa010d6b9dc1991f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Przemys=C5=82aw=20Hejman?=
Date: Thu, 18 Jul 2024 19:41:00 +0200
Subject: [PATCH] Allow disabling TLS explicitly (#546)

So we have this logic to ignore creating TLS-based connections when we get specific TLS-related errors (assuming that plaintext connection should be used). However, when we start Quesma while ClickHouse is dead, aforementioned logic doesn't work and we don't fallback to non-TLS connection properly, as the error is just "connection refused": ![image (12)](https://github.com/user-attachments/assets/b043bda5-6e57-4895-bb63-5f051633ec4d) So eventually when plaintext ClickHouse comes up, the pool will keep failing repeatedly with `tls: first record does not look like a TLS handshake`. The proposed remediation is to just allow explicitly disabling TLS via configuration. **Alternative approach** would be to derive this property by looking at port numbers: * 9000 -> no TLS * 9440 -> TLS of course being very verbose in logs about Quesma's choice.
---
 quesma/clickhouse/connection.go | 5 +++--
 quesma/config.yaml.template | 1 +
 quesma/quesma/config/config.go | 1 +
 3 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/quesma/clickhouse/connection.go b/quesma/clickhouse/connection.go
index d699a337f..770f7c97a 100644
--- a/quesma/clickhouse/connection.go
+++ b/quesma/clickhouse/connection.go
@@ -24,8 +24,9 @@ func initDBConnection(c config.QuesmaConfiguration, tlsConfig *tls.Config) *sql.
 Database: c.ClickHouse.Database,
 }
 }
-
- options.TLS = tlsConfig
+ if !c.ClickHouse.DisableTLS {
+ options.TLS = tlsConfig
+ }
 info := struct {
 Name string
diff --git a/quesma/config.yaml.template b/quesma/config.yaml.template
index ded752c56..832ae4f44 100644
--- a/quesma/config.yaml.template
+++ b/quesma/config.yaml.template
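Review bot: When `c.ClickHouse.DisableTLS` is true, the new `if !c.ClickHouse.DisableTLS` guard leaves `options.TLS` unset and the connection goes out in plaintext with nothing in the logs. Presumably the credentials from the same config struct travel over that connection too. An `else` branch with one warning log call through the package's existing logger would make the downgrade visible to operators, introduced by a comment such as `// TLS explicitly disabled by configuration: credentials and query data are sent unencrypted`. The commit message also describes an existing fallback that drops TLS after certain handshake errors; that logic is outside this hunk, but with an explicit switch available it is worth confirming whether the implicit downgrade should remain, since it lets a connection lose TLS without the operator asking for it. initDBConnection starts and ends outside the hunk.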
@@ -13,6 +13,7 @@ connectors:
 type: "clickhouse-os" # one of [clickhouse, clickhouse-os, hydrolix]
 #clickhouse: # this config is going to be removed, but for now let's just comment out
 # url: "clickhouse://localhost:9000"
+# disableTLS: true # required for plaintext connections
 ingestStatistics: true
 internalTelemetryUrl: "https://api.quesma.com/phone-home"
 logging:
diff --git a/quesma/quesma/config/config.go b/quesma/quesma/config/config.go
index 2215ff12b..14b1abd18 100644
--- a/quesma/quesma/config/config.go
+++ b/quesma/quesma/config/config.go
@@ -62,6 +62,7 @@ type RelationalDbConfiguration struct {
 Password string `koanf:"password"`
 Database string `koanf:"database"`
 AdminUrl *Url `koanf:"adminUrl"`
+ DisableTLS bool `koanf:"disableTLS"`
 }
 type OptimizerConfiguration struct {
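Review bot: The added template line `# disableTLS: true # required for plaintext connections` says when the key is needed but not what is given up, so anyone uncommenting the `clickhouse` block inherits a plaintext connection without being told. The comment should state the consequence and the default, for example `# disableTLS: true # only for a plaintext ClickHouse endpoint (e.g. port 9000); credentials and data are then sent unencrypted. Omit to keep TLS on`. The 9000/9440 distinction comes from the commit description and is worth carrying into the template, because the example URL above uses 9000.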
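Review bot: The new `DisableTLS` field in `RelationalDbConfiguration` has no doc comment, yet it is the only security-relevant switch in the struct and sits directly beside `Password`. A comment on the field would record the contract, for example `// DisableTLS, when true, skips the TLS config and connects in plaintext; the zero value keeps TLS enabled.` Going by the guard added in connection.go, the zero value means an absent `disableTLS` key leaves TLS on, which is the safe default and should stay that way if the field is ever renamed or inverted. The struct starts outside the hunk.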